Get pro tips and hot takes or your money back 💸

Why WordPress.org Should Write an Honest Bluehost Review

The short version of this article is that we haven’t had great luck with Bluehost, and we’d like WordPress.org to be more transparent with their endorsement. For better hosting alternatives look at our WordPress hosting comparison article.

WordPress Hosting is a tricky business and finding an impartial Bluehost review is even more difficult. I’ve never been employed at a web host but I do have a lot of background working with systems that need to be online and available all the time. It’s hard enough when you have complete control over your environment, so throwing millions of sites into the mix that take full advantages of all the resources you have to offer can be a real strain, and can make being the best WordPress hosting company an extremely lofty goal. I understand all of that completely. Hosting ain’t no kids game.

I’ve talked about WordPress hosting reviews at length before, and I want to bring that same topic up again, but this time in a very specific context. After years of WordPress.org endorsing Bluehost, I believe it’s time they stop.

This is actually tough for me to write because I know people personally who work at Bluehost and this no fault of theirs. Many great techs and developers have no control over business decisions that have been hurting Bluehost’s reputation. They do their best to provide a great service, but they’re playing against a stacked deck and their service, performance, and uptime have tanked over the last year.

Things have gotten so bad that WPMU just awarded Bluehost with a wooden spoon for being the bottom feeder in an unbiased review of 5 different web hosts. Now I don’t know about you, but winning a wooden spoon doesn’t sound like a very awesome prize for a company that should be leading in a high tech industry. Maybe a Blendtec would be a better modern-day kitchen-inspired prize? I digress.

Unfortunately our experience with Bluehost over the past 6-9 months has been similar to what was represented in the WPMU post. Slower servers, poor technical support, and more frequent outages have become the norm, and not the exception.

And even after all of this, Bluehost still has a glowing endorsement from WordPress.org. Granted, this hosting recommendations page hasn’t changed in years, but that’s all the more reason to take time and carefully review who’s listed there. That’s what ended up happening with the theme and plugin marketplaces, right? Why not hosting?

A Missed Opportunity for a More Honest Bluehost Review from WordPress.org:

We’ve dealt with more hosts than you can imagine; in our opinion, the hosts below represent some of the best and brightest of the hosting world. If you do decide to go with one of the hosts below and click through from this page, some will donate a portion of your fee back—so you can have a great host and support WordPress.org at the same time.

Money Talks

So what’s WordPress.org’s motivation to continue to endorse Bluehost without at least providing users with a frank review of their services? Is it the good affiliate program that helps support the operation of the site and the community? Is it Bluehost’s frequent high-level sponsorship of WordCamps? Or is it simply a gentleman’s handshake that continues to stand?

It’s probably a combination of all three. I honestly have no problem with WordPress listing a host on the .org site with an affiliate link. It takes money to power an open source community like this one. Probably way more than I even know. The bigger issue to me is that they outright say that Bluehost is the “best and brightest of the hosting world” and unfortunately that’s no longer the case. I hope Bluehost does get things figured out, but until then, the WordPress foundation should probably ease off on the leg humping.

I’d honestly much rather see companies pay for space on the .org site than have new users getting bad recommendations. At least if .org was selling the space for $25,000 a month, everyone would know that was the situation and would be on their own for research. It would be transparent and people would know that “Daddy D’s Wacky WordPress Hosting” just had deep pockets, didn’t necessarily provide the best service.

What do YOU think? Should WordPress.org stop endorsing Bluehost? Should they at least provide an honest Bluehost review or some kind of real-life customer feedback? I’d love to hear your thoughts.

Join thousands of others and get weekly articles on improving your website

271 Comments

  1. Robert Anthony

    I host many sites with Bluehost and now I am going to move them all. They put one of my domains in varnish cache which means that I cannot make changes and if I do they may take up to 4 hours to show. They did this because last December the domain used too many resources on Plus Hosting. They did not inform me of this, they just did it and I only discovered it when i tried to set up a test site on the domain and went crazy for 2 days because I couldn’t see my changes. Then I thought it was a server issue so I called and found out about the varnish cache, which, I was informed can never be taken off. The only way would be to cancel the domain and begin anew or upgrade to Cloud Hosting at an increased cost.

    I have been an affiliate and have introduced many new clients to Bluehost. But no more. The fact that they didn’t find it necessary to inform a customer of a major change infuriates me. Goodbye Bluehost.

  2. Alejandro

    Hi, I have the shared hosting from September 2016, until now, all work as expected, no problems at all, no slowdown and good communication with support. I migrate from GoDaddy, where i had a lots of technical issues and a very bad communications with they support.

    All in my webpage are retail purchased, themes, plugins and so on, and all work perfect.

    This review, maybe are based on a personal bad experience and looks like a tons of other bad reviews from Mocha Host, a really very bad hosting system.

    WordPress.org are a big monster, and a big monster don’t talk about love with little hosting services.

    Thank you!

  3. Clifford

    Recently files on THEIR backend servers became corrupted for “unknown” reasons, even though they claim they are secure.

    This caused a lot of distress, as we were not able to log onto cpanel at all.

    Is Bluehost safe ? NO

    How is their customer service and support? They need to learn to read, you will not get much support. I ended up migrating.
    —-

    Clifford Lim
    The password file is corrupted on your server?
    3:39:34 PM
    Clifford Lim
    How did the file get corrupted in the first place?
    3:41:24 PM
    Vishal P
    Unfortunately it happens on rare occasion, we don’t have a reason.
    3:41:42 PM
    Vishal P
    If you have not reset the password from long time such issues happens
    3:41:52 PM
    Vishal P
    In that case you have to reset the passwword
    3:42:01 PM
    Vishal P
    *password
    3:42:10 PM
    Vishal P
    For security reasons.
    3:42:27 PM
    Clifford Lim
    Vishal, be careful. Are you trying to tell me not resetting password caused it to become corrupt?
    3:44:09 PM
    Vishal P
    it might be one of the reason, but we can not assure that.
    3:44:33 PM
    Vishal P
    it is always recommended to change the password on regular intervals
    3:45:04 PM
    Clifford Lim
    Vishal. This answer is going up to one of the hosting reviews forums and social media.
    3:46:04 PM
    Clifford Lim
    Is it ok to recommend me to reset password, it is not ok to imply that a file on your backend server is corrupted because I did not update my passwords.
    3:46:06 PM
    Vishal P
    I am giving the actual information from one of our technicians.

    ——

  4. Tim Millard

    Couldn’t agree more. Just signed up to a new Bluehost account. Wish I had read this first. Had trouble with the one click installer. Chatted with support only to redirect me to an article to manually install WordPress. Eventually got site running, only to come up against constant outages and slowness. The worst host I’ve ever used. I can’t believe WordPress.org endorse them.

  5. academia do importador

    I have never used Bluehost due to the large number of complaints I have read in numerous articles on the internet, currently I am using Hostinger with dedicated server and to date I have never had problems with server crashing, I highly recommend it.

  6. George

    Bluehost is down for more than 10 hrs now! I’m getting mad with all EIG hostings. Moving my clients out of Bluehost one by one now. There service has gotten bad. Outsourcing support to India is not acceptable and does not solve client problems. I’m moving out and here are the reasons why: . This article describes pretty much what’s going on and why it is not wise to stay with EIG hosting providers.

  7. rick

    I currently use bluehost on http://bizanosa.com/ . Im geeky so most of the support issues , I handle myself. My biggest concern with Bluehost is their server speeds.

    They tend to be slower. I could be wrong. Has anyone else experienced this ?

  8. TheN

    I upgraded from a Shared Server to the WordPress Standard VPS. They told me it would take 2 to 4 hours, and that my old site would be up and online while the migration happened. 36 hours have gone and my websites (and my client’s websites) are down, showing an ugly page for everyone to see. My emails are obviously not working either. Support says that the migration “has stuck” and it could “eventually go through”, and it will take up to “72 hours” to be fixed. I’m not even sure my files and databases are safe. I asked for details but in the chat support or in support@ or feedback@ don’t have access to the error messages or to the migration console. They just say that “developers are aware of that and will fixit asap” and that they have escalated the issue but I have to wait a full weekend (I scheduled the migration by Friday night) because the department that takes care of that isn’t available until Monday. My image with my clients is devastated now. If you deal with BlueHost you’ve been warned. I will ask for a compensation but I doubt I follow with them the next year, and I will go elsewhere to spend 40$/month for the next years. Very eroding experience. Useless support. Lies in Sales department. Lies in confirmation emails telling the old site will be up meanwhile the transfer occurs. Websites and emails down, and confused clients that I can’t explain what happened to.

  9. Bradley

    On three separate occasions I called Bluehost regarding my site consistently going up and down. Each time the rep did a quick check and told me my site was up and running and there were no problems. Apparently they don’t understand what “up and down” means. This is only one example of the many problems I’ve experienced.

    My service with them ends in January and it can’t be soon enough. I’ll likely be heading over to SiteGround or iPage. I’ve done quite a bit of research and these two consistently come out the best.

    Goodbye Bluehost.

  10. Rick

    So many outages. Clueless staff who don’t care – the ones I speak to are based in India (or similar).
    Live chat is a joke. No more email ticket support either. Worst business decision ever.

  11. Jay Miller

    WPMU Dev should be careful who they are giving wooden spoons to. This is the same company that cancelled my account, has for 2 weeks continued to send me emails, and just today after asking me to apologize to them (to get the honor of paying them $50/mo after they treated me so poorly) are now threatening that they are calling a lawyer for harassment. I’ve not spoken to them unless spoken to since the very beginning of all of this.

    But I’ve used Bluehost as well, and while the service wasn’t stellar it wasn’t the worst I’ve ever used. GoDaddy still gets that title for their terrible support team.

  12. Nya

    They are horrible. My website has been down for more than 36 hours now. I am not even joking. This never had happened to me before . Their technical support is absolutely useless, they are unable to solve the issue, and somehow they still blame on me, my plugins and my website, even though the website stopped working with no prior warning due to a 500 error. Worst service ever. AVOID.

  13. Russ

    I’ve been with them 3 years… they started off okay but have seriously tanked. They moved me to the cloud and lost my databases in the process. The service is slower (while they promised faster) and many outages… There support is crap as well, and no-one can help or follow case. AVOID!!!!!!!!

  14. Liz

    Do yourself a huge favor and don’t sign up for this year-long hosting nightmare. Their support team is completely unhelpful and rude. I can’t stand calling in for assistance because they are usually very mean people. Unfortunately, I still have 9 months to go! I was totally duped.

  15. Kay Collier

    They cannot solve a problem that even I, know exists…and I’m no techy person…they are just unbelievable in their lack of knowledge of their technical supposed support…just incredible!!!!!!

    They need to go, preferably off the internet, permanently.

    Kay Collier

  16. Jamie

    Probably the WORST hosting company there is, if not the worst company ever. There sales people outright lied to me to get me to upgrade to a faster server. I explained I had a launch and needed the site to be working. He told me no problem it would take 1 – 2 hours for the migration. As I spoke to different customer service reps 1 – 2 hours turned into 4 – 8, then 8 -12. Here I am on launch day no site and 8 – 12 has turned into up to 72 hours, and what does customer service have to say? Sorry there is nothing we can do about it, it will take as long as it takes. Needless to say I will be switching to another hosting provider ASAP. IF YOU’RE CONSIDERING BLUEHOST AS AN OPTION I HIGHLY SUGGEST YOU STEER CLEAR OF THEM AND ANYTHING THAT EVEN LOOKS LIKE THEM.

  17. Rishi M

    I noticed a strange thing with bluehost. A few days back i was checking my domain and Whoa! It now loads some movie site. 😮

    The support was unable to help and they said that i have done it. I tried to tell otherwise but they would just not listen. I have the domain in my account and it has a blank index.html in it.

    Weird.

    I have lost all faith on Bluehost it seems now. Also I have their cloud hosting plan – yet they show it as shared hosting on the top right of the cPanel. I asked the support guy why it shows shared and he said its cloud only but it shows shared like that 😮

  18. WW

    I have more than 5 sites hosting with Bluehost (Cloud hosting plan). I cannot believe it almost down once per week on average. And not too long ago, one of my site is down. When I access via ftp, guess what. All the content are gone, only left one empty wp-content folder. It happens when I contacted the technical support via live chat regards the website down issue. The technical support still manage to restore the data. But I found out the recent posts all gone. I asked them to restore the latest backup, they claimed that they did but the posts still missing. They just told me to have to manually repost what I need. However I found out the missing posts were in the thrash. I got no idea why suddenly everything is disappear without reason. Bluehost never answer my question why it is down

  19. mth

    My experience with BlueHost has been the worst hosting experience imaginable. WordPress site: they set up on a temp domain. Pages wouldn’t load and got 404 errors. Contacted support. After ridiculous wait times, their solution was: “Hire someone to fix this.” I’m calling to cancel and get a refund. PLEASE PLEASE GO SOMEWHERE ELSE.

    I could not be more disappointed in wordpress.org for recommending them. It taints their brand.

    1. Stefan Andonov

      Ah yes, every time I have an issue, I ask them, please give me a tip… WE CANNOT HELP YOU WITH THAT… please how can I install memcache and enable php-fpm… we cannot help you with that… well go to hell, Bluehost

  20. Rich Greenidge

    After 10 years, I got my yearly renewal with Blue Host 2 months ago. I found in my in email by-pass, a email from Blue host saying my website has been shutdown due to Malware. I haven’t changed a thing in 6 months. The only people who should be able to change add or remove my files are myself and them, I don’t believe no one else can. All others should be only able to download not upload. I called, and it sounded like a we need money thing to fix a problem that they created, or a disgruntled ex-employee. My Domain name is up in a few days, and I thought about calling them again and cussing them out this time, but that’s not the way I do things. When you lose your trust we me, that’s it. I’ll be looking for a new host when I get off of here and hope they don’t come up with this b.s. in the future also. They were like saying it’s my job to keep this stuff off my data space. If it was mine, nothing would get put on it, unless I sent it. I see I am not the only one, how strange. I knew money was going to come up, so I cut them off before she even got to that. Once she said techs, I knew the drill. Bye Blue Host. Just like Vonage you people never learn.

  21. Kech

    All the companies owned by EIG IS same. I am with Arvixe and my site has been down for the past 3days. No one is attending to mail, nor responding to tickets. No one cares . My frustration in the past 3 days have been beyond words. Thank God I read this because I was about jumping to Bluehost, it would have been from frying pan to fire. Am just frustrated and transferring account isn’t an easy thing to do. Where are the good hosts because I am just tired and frustrated.

  22. Leigh

    I have to agree – unfortunately Blue Host has tanked all around – from site speeds to their customer service team’s “template” answers to questions. I am a long time customer with a number of sites hosted with them. It will be a pain, but I feel I have no choice but to change hosting services as they expire.

  23. Mike Kirby

    100% agree with the accounts I see here. I was a very happy Bluehost customer for over 10 years. Funny, the focus shifted from customer support to upsells at about the same time I started getting “malware” infections every three months that could only be solved by paying them $200.

    I am not a newbie. I set up a cron job to monitor my account hourly for changes. The cron job mysteriously turned itself off a few hours before yet another mysterious reinfection and account shutdown. All wordpress components are up-to-date and all security vulnerablities have been addressed and they are no help whatsoever, they just keep doing this and trying to upsell me rather than provide support.

  24. Rerevisionist

    Interesting stuff.

    Bluehost’s forum was incredibly inert – just a few entries a day. I can’t believe any host with millions of sites would have so few users, I’ve just nitced they’ve discontinued the ticket system on technical enquiries! [I noticed 2 Aug 2016].

    My site is HTML only so I never get the sorts of hassles which may apply to WordPress sites, php users, and so on. I have a lot of sympathy with Bluehost, who must get a lot of beginner programmers making simple mistakes, some of them risky or very timewasting. On the other hand, Bluehost’s information is terrible – on redirecting sites for example the stuff is unreadable.

    I’ve never had any really serious issues, such as sites vanishing or being offline forever. But I decided to try their cloud system [NOT cloudflare, which I think makes copyright demands and needs one-only www treatment]. Their cloud in my case is supposed to have four locations – London, Hong Kong, San Jose, Houston – but I’m not even sure it does! The dashboard display doesn’t show the CPU use or RAM use as it should do.
    And I have a really odd bug – the ‘Last Visitors’ record has lots of pairs of repeated downloads – same IP, same date and time, same file name – one after another. It almost looks like a policy to fake hits, so that their cloud looks good.

    My experience with their support [my site, big-lies.org, has been online about 4 1/2 years] is probably similar to others here: it was good with a few weak experiences, and it is now bad, with a few good experiences. But of course I have no way of knowing whether other hosts are about the same, as they may well be. Maybe we need a union of website owners!

    Sorry to be so negative-ish.

  25. Linda

    The worst support I have ever had from a hosting company. EVER!!!! My sites have been unavailable for any changes for the past 3 days. When I contact support using chat I get Indian support which I would be fine with IF THEY ACTUALLY DID ANYTHING. Today after 4 different support conversations where I was told..your server is experiencing a Distributed Denial of Service attack, we are doing everything we can to take care of the problem (3 days???), then, no, the server itself is having a problem, then, no we don’t keep a copy of our support chats or any support calls, and then when I asked if someone would at least email me an update or something and was told yes, then 4 hours later still no change, I finally called to speak with a manager, to be told, your sever is experiencing a DDOS attack and until we isolate the account that is being attacked we can’t do anything. Um, just how many accounts are on my server. And the solution is to upgrade my account…of course.

  26. B Etloy

    I have had numerous problems with bluehost services. Worst of all, their customer support is abysmal. I would not recommend anyone to use their services

  27. Gino

    I’ve been with Bluehost for more than a decade. They used to be truly great. Since the 2011 purchase by EIG they’ve gone steadily downhill in every way. I’m desperate to find a decent webhost that has good real-time phone support, and isn’t focused on upselling and dumbing-down. Suggestions, please!?

  28. Lisa Irby

    Thank you for your transparency about BlueHost. I linked to your post in a recent video. What people need to know is that they were bought out by EIG in 2011 (along with many other popular hosting companies) and since that time they have gone downhill. Hostgator is also owned by them.

    The affiliate program is what is helping these companies grow so fast and they can’t keep up with customer support. EIG is liquidating all these companies and outsourcing employees overseas.

  29. Dianne Sharma-Winter

    I don’t think I would have even bothered to be a grouchy ex Bluehost client except for my recent experience with them when they suspended my account due to malware. The unhelpful person at the help desk told me that I had only the option to remove it myself or to have my website NUKED.The help desk assistant was so emphatic that I pay money to solve the issue that I began to suspect that this was a total hoax and that Bluehost itself had been hacked!
    So I googled that and came across many more stories like mine. My solution was to pay a fellow in India called Harwinder Kumar (via the upwork site) to remove the malware and he did it in two hours for $90.
    It was pretty silly of Bluehost to do this to me two months before renewal because today I transferred to inMotion.

  30. Dianne Sharma-Winter

    So what I did was contact bluehost online to talk to some person who really only wanted me to pay USD$249 to remove the malware and then sign up to an annual fee of USD$500 to have sitelock on my site. (Bluehost celebrated their union with sitelock by getting the guests to buy the wedding present. The online person made me feel that I had no choice but to do so and the only option they offered me was to NUKE my SITE and loose everything. They were very pushy about getting money and not at all interested in solving the problem. I refused to do anything other than sulk and research for a little bit. I am a kiwi and we DIY is in our DNA right but I know below zero about techy stuff even though Bluehost tells you that you can remove the malware yourself… so then delegate. I found a guy on the upwork site called Harwinder Kumar who fixed it in two hours and charged me NZD$90.00. Today I changed from Bluehost to inmotion. Such rotten business practises should never be rewarded!

  31. Keyle

    I am devastated. I was encouraged to sign up with Bluehost by a blogger that I follow. My site has been down for a year and I have a 2 more yrs to go, before it expires. I am out over 2 grand and cant get anything refunded. This site was suppose to help bring in my revenue, it has only cost me. I don’t know where to turn, I have a site that doesn’t work.

    After I contacted the better BBB on them they (the design department who I was told had to fix the problem) wont even answer my
    emails.

  32. Arianna

    Bluehost is a rip off. They try to entice new customers by having low sign up prices. Service is crappy, and then upon renewal they jack up the rates threefold with the same crappy service.

    I am so very glad my hosting is set to renew expire next week; even after bringing all of these points to their attention they, quite frankly, do not care. I have talked to multiple customer service agents AND emailed for feedback, and there is no apology or budging whatsoever. Makes it very easy for them to lose a longstanding customer.

    I will be switching over to SiteGround and am looking forward to better service.

  33. sara

    I have four sites on Bluehost. I have been reworking 2 of the sites this past 4 weeks so have been on them a bunch along with my developers. My websites have gone down over 20 times (that I know of) for us, just in 4 weeks!

    I am SO happy to find this article because as I was calling yet again about my websites being down, and as I was waiting for a level 2 tech to answer, (because the guy who answered the phone didn’t seem to care one bit), I found this article with all these comments and decided to hang up. That is the LAST time I am calling Bluehost. I am switching my hosting this week.

    If you are not signed up with Bluehost….DON’T….They really don’t care about you and you may find your site going out all the time like mine is.

    Bluest used to be a good company years ago, but they really are a crappy company now for anyone who has a business or needs to not have outages all the time.

  34. Linda S.

    Which would you recommend, then? I was about to sign up, until I read this article and some of the comments. I would appreciate if there was a suggestion of a good hosting site. Mine is for blogging, barely anything of major importance, but, still… would like to set foot in the right direction and this one’s kind of not unimpressive, so far.

  35. PAMELA SHADDOCK

    Maybe there was a time when Bluehost was at the top of their game but that time has definitely passed. I have had numerous sites negatively affected in recent months and Bluehost never takes any responsibility for anything. As many people noted, customer service could care less that you’ve just maybe lost a huge investment of time and money, and can be quite condescending in their reply. Their answer is to blame everyone else (and I mean EVERYone WordPress) and they basically leave you to fend for yourself. If you are considering this hosting company, think again.

  36. Kim

    DO NOT USE THIS COMPANY. FOR ALL THE MONEY YOU SAVE, YOU WILL PROBABLY LOSE IN PROBLEMS.

    I am out of there after a service tech told me that my client’s problem wasn’t important enough to escalate to management when I asked for a solution and they take responsibility.

    I am a developer. I have been designing websites since 1999. I have been developing sites using WordPress since 2006.

    I have client sites on Godaddy, Lunarpages, Justhost, and recently Bluehost.

    My clients site was compromised to full root access FIVE times. Each time after a completely new install, new database, and updated plugins. I also had cpanel wiped to a new install, an changed all passwords.

    He is on shared hosting.

    I have four times called them. They never take any credit and try to sell me extra monitoring for more money (around $500). I have taken every recommendation that they have suggested and implemented them. They love to refer the WP link, https://codex.wordpress.org/FAQ_My_site_was_hacked which I am sure I read soon after it was published an ion ago.

    None of my sites on other shared hosting accounts are having problems.

    This last time, Joshua of Bluehost, told me that my case wasn’t important enough to escalate.

    They are very rude and act very blameless. Our case was so uncommon, that out of 17 years I have never had this problem. I think it was important enough to escalate.

    This is the worst server experience and company that I have ever dealt with.

    Here is the full transcript:

    ———-
    Chat ID: 6847447. We have had multiple attacks that resulted in a full site compromise to full root access (symlinks to root). We believe that our shared account contains some sort of darkleech virus because of the following: 1.) We have reloaded a clean, up-to-date WordPress install and new database 5 times in the course of the past few months. 2.) We had Bluehost wipe our cpanel 1 time. 3.) We have ran virus scans on our clean versions with no warnings before uploading. We ran the same virus scans on the download of infected site and found viruses. 4.) We installed WireFence as directed by your techs and put the warnings on maximum security and notifications settings and received no warnings or notifications this last time (the 5th time). The virus populate all the way to root access without detection. NOTE: We run this same plugin on other sites and have warnings of changes to web and logins. We know that this plugin works, however it failed on this server. This has cost my client a lot of time, effort, money and now a warning from your hosting company that we are in violation for phishing. We need a remedy. We ask that you move our site to a secure, monitored service at your cost for a one year period OR – A refund of our hosting service fees. I develop websites and how five active sites up and running on other servers and have not had this problem. I am using the same template framework on each (underscore theme). Please let me know if there is a solution that we can work out. I am open to hearing solutions, but my client will not agree to putting more money towards your company. We believe Bluehost is at fault. I will be here waiting for an answer to pass on to XXXXXX, the owner of the site.
    10:00:17amJoshua

    Hi! Thank you for contacting terms of service. My name is Josh! How are you today?

    Can you please provide the last four characters of the main account password?

    10:00:44amKim

    I can provide the call in support number. Can I use this?

    10:05:49amKim

    Can we use the security code that we set up for calling in? Or do I have to provide the last 4 characters?

    10:06:35amJoshua

    You can use the 6+ digit PIN or the last 4 of your password.

    10:07:03amKim

    XXXXXXX

    10:07:32amJoshua

    Thanks

    10:08:06amKim

    You are welcome Joshua. How are you today?

    10:08:18amKim

    I know we can find a solution.

    10:08:26amKim

    I will give you time to read my case, okay? I did not include that we also

    10:09:02amKim

    changed all passwords, including ftp, database, and email accounts twice.
    I have added special passwords for key folders as well after reinstalliing clean sites.

    10:11:38amJoshua

    So our servers are patched against Darkleech, they were either before it was a problem or within a few days of the issue(it’s been sometime since that one so I don’t remember for sure), we take server security very seriously. So the server will not be the cause of why your the sites are getting hacked.

    Passwords are important to change, but actually not the main cause for WordPress sites getting hacked. It’s commonly from a vulnerable component in your site. So if you’ve secured your passwords I suggest you check the components you’re using.

    10:12:29amKim

    All of my plugins are up to date (or were at the time) and are common plugins.

    10:12:49amKim

    I am not saying this is a darkleech, I am saying that it is a psuedo.

    10:13:51amKim

    I believe that it is possible for this type of virus to get into your servers from articles I have reviewed by sucuri.net

    10:15:45amKim

    Reports of latest visitors have shown that they are looking for plugins with vulnerabilities that we do not have on the site

    10:16:39amKim

    And it is my understanding, from the other techs that I have talked to, that service accounts like the one my client has, are not monitored at deep levels. This I have been told is an additional price.

    10:17:06amKim

    So I hope we can agree that Bluehost might have some part in this.

    10:17:53amKim

    This is so uncommon. I have been doing this since 1999. I have only seen this once, and that is 3 years ago when the first virus of this type appeared.

    10:18:38amKim

    I have done 5 full wipes of this site. 2 times, full server account wipes

    10:21:48amJoshua

    If it were psuedo dark leech, that’s actually a site vulnerability.

    Our servers are completely secure, you’ll want to further examine your site components, having your plugins and theme up-to-date is important, but just as important is ensuring they are still supported and patched by the developer.

    What other techs maybe referring to is SiteLock, which is a monitoring service that monitors your account files. The server files however are constantly monitored by many individuals. Your account files are your responsibility as these are your site files.

    The server is 100% secure, you’ll need to check your components if your passwords and computers you access the server from are secure.

    10:23:02amKim

    We have taken all of your suggestions in the past.

    10:23:38amKim

    We have invested a lot of money with this problem.

    10:24:35amKim

    My other sites are not having any problems, and on one, I have similar activity of unauthorized users trying to gain access to the site. Wordfence has been blocking them.

    10:25:15amKim

    We have not found vulnerabilities.

    10:25:52amKim

    There may be some, but all scans have indicated that there are no problems on our clean site before and after we upload.

    10:26:13amKim

    How are we going to fix this?

    10:26:48amKim

    I am giving your company an opportunity here. I have been told 4 times it is in no way your fault. We now say it is.

    10:27:56amKim

    A refund for our hosting account is a solution.

    10:28:39amKim

    Monitoring our account for a year is another solution. Your company pays as a gratis for our problem.

    10:31:28amJoshua

    Our servers are secure, they are patched against all vulnerabilities, so the only way to hack your sites is either through a password or the sites themselves.

    We wish to retain your business, but we cannot fix this issue as it’s with your account itself.

    SiteLock is a service you’re welcome to purchase as well. They are our partner, but still a 3rd party, so we are not able to provide this service free.

    10:32:53amKim

    If you choose not to fix this, I will post our conversation on the internet. Maybe some other people are having this same problem and can show up to help your company identify a problem you might be having.

    10:33:15amKim

    And you will lose our business.

    10:34:40amKim

    Maybe nobody else is having this problem.

    10:35:10amKim

    But it will open the conversation.

    10:36:02amKim

    Our only intention is to fix this problem.

    10:37:50amJoshua

    Securing your sites against malware isn’t something we can help with. The types of sites available for use vary greatly for Linux servers. So securing your sites is something you’ll have to investigate. The only other thing I can suggest if you haven’t already viewed it is, https://codex.wordpress.org/FAQ_My_site_was_hacked

    Beyond that I’ll reiterate our servers are secure and if your sites are continuing to get hacked, it will be a site issue or password issue.

    10:38:30amKim

    I have read that article.

    10:39:38amKim

    I am not a newbie web designer. I would like to have your manager on this conversation.

    10:39:42amKim

    Please.

    10:40:46amKim

    I will reiterate that I have been doing this since 1999 and that I have been using WordPress since 2006.

    10:41:33amJoshua

    The fact you know about darkleech and psuedo darkleech tells me your not a newbie, but that doesn’t change the fact the servers are secure and the issue will be with your account.

    10:43:08amKim

    “In the end, an attacker will take whatever you give them. On most shared servers(Even servers on some of the more popular hosting services), attackers can create a symlink like we showed above to escalate access.” Securi.net

    10:44:56amKim

    My client has no more than 1 or 2 hundred dollars invested in your company. I am sure that your company will not suffer to return a refund, even if it has deducted use so far.

    10:45:44amJoshua

    This is not an for issue for us, it’s not possible for you access anything on the server level, so there’s nothing to give. Not even I can access files on the server level.

    10:46:13amKim

    Talk to your manager please.

    10:46:50amKim

    It is not a wrong right issue.

    10:46:58amKim

    It is a reputation issue.

    10:48:19amJoshua

    This will not be good use of your time, I can see if one is available, but he will tell you the same thing I’ve said exactly. There’s no server vulnerabilities and you’ll want to examine your files/passwords.

    10:48:42amKim

    No, this is not good service by you.

    10:48:53amKim

    I work for my client. It is a very good use of my time.

    10:49:56amJoshua

    I’m happy to escalate when I believe a manager can help, this isn’t something he can help with.

  37. Linc

    I have had problem after problem with Bluehost. They are down far too often to be considered an enterprise solution. Their support is abysmally slow, not to mention uninterested and condescending. Anyone who actually uses their site and receives any legitimate traffic is flagged constantly for TOS violations. Stay away.

Leave a Reply

Your email address will not be published. Required fields are marked *